<?php
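// Reward purchase handler: debits the cost of reward `rid` from user `uid`,
// records the purchase in user_history, then redirects back to the profile page.
//
// NOTE(review): the database credentials below are committed in source. Load
// them from configuration kept outside the web root / version control, and
// rotate this password, since it has been published with the file.
$host = "db.seng.uvic.ca"; // Host name
$username = "se321g01"; // MySQL username
$password = "un8bi2YM"; // MySQL password
$db_name = "se321g01"; // Database name
$tbl_name = "rewards"; // Table name (kept for compatibility; the queries name the table directly)

// Connect to server and select database.
// mysqli replaces the legacy mysql_* extension (removed in PHP 7) and provides
// prepared statements. Reporting is switched off so that failures are handled
// by the explicit checks below on every PHP version instead of an uncaught
// exception.
mysqli_report(MYSQLI_REPORT_OFF);
$db = mysqli_init();
// MYSQLI_CLIENT_FOUND_ROWS makes affected_rows count matched rows, so a
// zero-cost reward still registers as a successful debit.
if (!$db || !$db->real_connect($host, $username, $password, null, null, null, MYSQLI_CLIENT_FOUND_ROWS)) {
    die("cannot connect");
}
if (!$db->select_db($db_name)) {
    die("cannot select DB");
}

// Get UID and reward id. Both arrive from the query string and are untrusted:
// reject missing or non-scalar values (e.g. ?uid[]=x) before they reach SQL.
$uid = isset($_GET['uid']) ? $_GET['uid'] : null;
$rid = isset($_GET['rid']) ? $_GET['rid'] : null;
if (!is_string($uid) || $uid === '' || !is_string($rid) || $rid === '') {
    header('HTTP/1.1 400 Bad Request');
    die("invalid request");
}

// NOTE(review): uid comes from the request, so the caller decides whose balance
// is debited. Take the user id from the authenticated session instead, and make
// this state change a POST protected by an anti-CSRF token.

// Look up the reward's cost with a bound parameter (no string-built SQL).
$cost = null;
$found = false;
$stmt = $db->prepare("SELECT points FROM rewards WHERE rid = ?");
if ($stmt) {
    $stmt->bind_param('s', $rid);
    if ($stmt->execute()) {
        $stmt->bind_result($cost);
        $found = ($stmt->fetch() === true);
    }
    $stmt->close();
}

// Only purchase when the reward exists and has a usable cost.
if ($found && is_numeric($cost)) {
    $spent = $cost * -1;

    // Keep the debit and the history row together where the storage engine
    // supports transactions.
    $db->autocommit(false);
    $ok = false;

    // Update user_stats. The balance check and the debit happen in a single
    // statement, so concurrent requests cannot both spend the same points and
    // the balance cannot go negative.
    $stmt = $db->prepare("UPDATE user_stats SET points = points - ? WHERE uid = ? AND points >= ?");
    if ($stmt) {
        $stmt->bind_param('dsd', $cost, $uid, $cost);
        $ok = $stmt->execute() && $stmt->affected_rows > 0;
        $stmt->close();
    }

    // Add user history, only when the debit actually happened.
    if ($ok) {
        $ok = false;
        $stmt = $db->prepare("INSERT INTO user_history (day_stamp, points, item, uid) VALUES (CURDATE(), ?, 'Bought reward', ?)");
        if ($stmt) {
            $stmt->bind_param('ds', $spent, $uid);
            $ok = $stmt->execute();
            $stmt->close();
        }
    }

    if ($ok) {
        $db->commit();
    } else {
        $db->rollback();
    }
    $db->autocommit(true);
}

$db->close();

// Go back to profile. The id is URL-encoded so request data cannot inject
// extra query parameters or header content into the redirect.
header("location:./profile.php?uid=" . urlencode($uid) . "&tab=4");
exit;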

?>
